3 Welcome NCCIC National security has become interconnected with our Nation s cybersecurity. The National Cybersecurity and Communications Integration Center (NCCIC) provides critical national capabilities. The NCCIC s primary focus areas include conducting daily analysis and situational awareness, incident management, and information sharing in the cybersecurity and communications domains. The NCCIC organization supports a holistic approach at home and abroad to prevention, protection, mitigation, response, and recovery efforts. The NCCIC is a 24/7 Communications Operations and Integration Center. NCCIC partners include all federal departments and agencies; state, local, tribal, and territorial governments; the private sector; and international entities. In 2013, the NCCIC as a whole received over 220,000 reports of cybersecurity and communications incidents. These reports originated from both public and private partners sharing what they discovered on their information technology systems. The outreach facilitated gaining insights on the latest prevention and mitigation measures from the broader national cybersecurity community. In the coming years, an even greater number of cyber incidents are likely with a renewed need to solve cybersecurity and communications-related challenges as expeditiously as possible. I am proud of the hard work and dedication illustrated by the NCCIC team. Sincerely, Larry Zelvin, Director National Cybersecurity and Communications Integration Center (NCCIC) Department of Homeland Security Welcome ICS-CERT This year, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) briefed asset owners and developed tools and capabilities to enhance cybersecurity incident handling and response efforts. ICS-CERT correlated emerging cyber incidents with previous events and tracked known threat actors based on their techniques and tactics. The information these tools and capabilities yielded was leveraged to provide situational awareness information to federal law enforcement agencies and the greater industrial control system community. ICS-CERT initiatives accomplished in 2013 included: Providing briefings, including classified briefings, on industrial control systems threats and defense-in-depth to critical infrastructure owners, operators, and vendors as well as other industry and government partners. Hosting meetings and presenting event information and mitigations across all 16 critical infrastructure sectors. Triaging over 250 cybersecurity incidents by providing analytic support and guidance to asset owners. Delivering expert guidance and consultation to asset owners and operators on the self-assessment Cyber Security Evaluation Tool (CSET ) or Architecture Reviews. Engaging in one Industrial Control System Joint Working Group meeting bringing together the industrial control system community to share its best cybersecurity practices, create new relationships, and leverage knowledge from ICS-CERT. Best regards, Marty Edwards, Director Industrial Control Systems Cyber Emergency Response Team Department of Homeland Security ICSJWG GCC Chair 1

4 National Preparedness The economic welfare and safety of the American people relies on the resilience and reliability of the Nation s critical infrastructure. The National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Response Team (NCCIC/ ICS-CERT) provides a variety of operational capabilities to ensure that critical infrastructure across the nation continues to operate as designed and is well secured. These efforts require continual vigilance and innovative responses to address emerging challenges at a global level. ICS-CERT brings together a community of critical infrastructure stakeholders who work together to improve our national cybersecurity posture and address future needs. The Department of Homeland Security (DHS) applies guidance from Presidential Policy Directive 8: National Preparedness to enable operational programs like ICS-CERT to align key roles and responsibilities in its national cybersecurity response and mitigation efforts. The critical principles establish a fundamental doctrine for ICS-CERT response capabilities that include: engaged partnership; tiered response; scalable, flexible, and adaptable operational capabilities; unity of effort through unified command; and readiness to act. ICS-CERT employs an adaptable and repeatable process to ensure that ICS-CERT vendors, operators, and owners across the country can organize response efforts to address a variety of cybersecurity risks based on their unique needs and capabilities. This framework is not based on a one-sizefits-all organizational construct. Instead, it acknowledges the concept of tiered response, which emphasizes that response to cybersecurity incidents, and should be handled at the right level to support the critical infrastructure sector owner, operator, or vendor. ICS-CERT operations in this brochure are described by the attributes that support its scalable, flexible, and adaptable coordinating structures. The program has roles and responsibilities which include integrating capabilities across the whole community, local, state, tribal, territorial, and federal governments in support of response to actual and potential cybersecurity incidents. 2

5 National Preparedness I. Prevention Engaged Partnership WHAT II. Protection Tiered Protection WHAT III. Mitigation Scalable, Flexible and Adaptable Capabilities WHAT IV. Response Unity of Effort Through Unified Command WHAT The capabilities necessary to avoid, prevent, or stop a threatened or actual act or terrorism HOW HOW HOW HOW Industrial Control Systems Joint Working Group The capabilities necessary to secure critical infrastructure in the homeland against acts of terrorism and manmade or natural disasters Training The capabilities necessary to reduce loss of life and property by lessoning the impact of the cyber attack Incident Response, Vulnerability Handling The capabilities necessary to save lives, protect property and the environment, and meet basic human needs after a cyber incident has occurred US Computer Emergency Readiness Team (US-CERT) National Coordinating Center for Telecommunications (NCC) Outreach Cyber Security Evaluation Tool (CSET ) Advanced Analytical Laboratory Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) National Cybersecurity and Communications Integration Center (NCCIC) Operations Industrial Control System Consequence and Effects Analysis (ICS-CEA) V. Recovery Applies Advanced Capabilities to Support Recovery WHAT The capabilities necessary to assist communities affected by an incident to recovery effectively HOW Cybersecurity Assessments Evaluations and Architecture Reviews 3

6 Prevention Outreach Across Critical Infrastructure Sectors ICS-CERT supports prevention through the deployment of operational capabilities to avoid, or stop a cybersecurity threat. Prevention in this context relies on an engaged partnership with the industrial control system community of owners, operators, and vendors. DHS ICS-CERT, in coordination with the Federal Bureau of Investigation (FBI), Department of Energy, the Electricity Sector Information Sharing and Analysis Center, Transportation Security Administration (TSA), and the Oil and Natural Gas and Pipelines Sector Coordinating Councils Cybersecurity Working Group, conducted a series of Action Campaign Briefings throughout Fiscal Year 2013 in response to the growing number of cyber incidents related to U.S. critical infrastructure. The 14 briefings were given to over 750 attendees in various cities throughout the country to assist asset owners and operators in detecting intrusions and developing mitigation strategies. Briefings were held at both the classified and unclassified levels, and covered a wide range of topics. This included the latest threats against industrial control systems, adversary tactics, lessons learned from current activities, best practices for detecting and preventing intrusion, and methods for securing networks. Important sector-specific briefings: The American Fuel & Petrochemical Manufacturers (AFPM) Quality and Assurance and Technology Forum/ AFPM Plant Automation and Decision Support Conference, Nuclear Sector Joint Cyber Subcouncil - Sponsored by Nuclear Energy Institute, 7th Annual American Petroleum Institute Cybersecurity Conference for the Oil & Natural Gas Industry, Chemical Classified Briefing for Chief Information Officers, Nuclear Fuel Cycle Facility Conference, 2013 Chemical Sector Security Summit, and Cybersecurity for Oil and Natural Gas Forum. This level of engagement supports the continuous development of resources to help industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, mitigation, and recovery strategies. 4

7 Prevention Engaged Partnership with the ICSJWG Partnership relies on engagement of the entire control systems community by developing shared goals and aligning capabilities to reduce the risks associated with successful cyber attacks. Building a cohesive industrial control system community includes supporting ongoing, clear, consistent, and effective communications and shared situational awareness about cybersecurity incidents, mitigations, and recovery. ICS-CERT recognizes that outreach plays a critical role in those coordination efforts. ICS-CERT s outreach strategy continues to leverage the Industrial Control Systems Joint Working Group, engaging an increasingly broad range of partners, including critical infrastructure sector-specific agencies; other federal, state, local, and tribal government agencies; national groups and councils; fusion centers; vendors; researchers and academia; infrastructure owners and operators; and international partners, including various CERTs. The Industrial Control Systems Joint Working Group 2013 Fall Meeting took place in Rockville, Maryland, at the Institute for Bioscience and Biotechnology Research/National Institute of Standards and Technology (NIST) facility on the grounds of the University of Maryland, Shady Grove campus. The conference provided for two days of presentations consisting of topics of interest to the Industrial Control Systems Joint Working Group community. Highlights included: Presentations on a variety of topics such as Information Technology Integration, Cyber Intelligence Analysis, NIST ICS Standards, Fuzzing, and Industrial Control Systems Security in the Healthcare sector. Discussions on the path forward for the Industrial Control Systems Joint Working Group, including a detailed explanation of new working activities and the associated activity plan, as well as an overview of the outstanding products developed by previous subgroup structures. An unclassified threat briefing from NCCIC/ICS-CERT detailing the current threat landscape to the nation s critical infrastructure. Two Lunch & Learn sessions educating the audience on new technology to replace firewalls and the way ahead for the Department of Defense as it relates to industrial control systems cybersecurity. 5

8 Protection Tiered Protection Through Cybersecurity Training ICS-CERT aligns training to further develop the skills necessary to secure and protect critical infrastructure from cyber threats. ICS-CERT offers cybersecurity training at no cost to industrial control system professionals and managers across all 16 critical infrastructure sectors in order to transfer knowledge on securing and protecting infrastructure to reduce cyber risk. These training courses include Introduction to Control Systems Cybersecurity, Intermediate Cybersecurity for Industrial Control Systems, and Industrial Control Systems Advanced Cybersecurity. In 2013, nearly 700 infrastructure professionals and law enforcement agents were trained. ICS-CERT training programs offer a foundation for cybersecurity professionals to attain the necessary skills to approach cybersecurity challenges Training Highlights included the following: Provided 11 Advanced Training Sessions to 442 participants, which are week-long events that provide intensive hands-on training and a 12-hour, red team/ blue team exercise that simulates a corporate espionage scenario. Trained law enforcement professional in Control Systems Forensics for Law Enforcement course. This course educates law enforcement agents on performing forensics on industrial control systems versus normal corporate enterprise network forensics. Delivered five training sessions across the country, including Introduction to Control Systems Cybersecurity (101), Intermediate Cybersecurity for Industrial Control Systems lecture (201), and Intermediate Cybersecurity for Industrial Control Systems with lab (202). Conducted our first regional trainings. Supported international training courses that reached 65 students from around the world. 6

9 Protection Tiered Support with the CSET The ICS-CERT foundation tool to baseline cybersecurity relative to cybersecurity standards is our Cyber Security Evaluation Tool (CSET). In 2013, over 5,000 CSETs were distributed and downloaded. As a significant piece of the ICS-CERT proactive portfolio, CSET continues to support, educate, and guide critical infrastructure asset owners. By combining the use of recognized standards and a step-bystep wizard style, CSET has become an accepted practice for critical infrastructure asset owners in establishing their own cybersecurity baselines and processes. CSET educates asset owners through an assessment process. During this process, cybersecurity implementers and management personnel are taken step by step through a series of concepts and ideas. While considering each concept, the assessment team reviews its individual processes from a cybersecurity perspective. The team discovers its own unique vulnerabilities while being introduced to new concepts and principles of cybersecurity. To accommodate more mature cybersecurity processes, CSET now provides the capability for current CSET users to use their past and current assessments to evaluate their investment in an established cybersecurity process. The release of CSET 6.0, helps users to establish a baseline assessment and then incorporate following assessments to trend and compare overall improvement. Users will be able to drill down into specific areas to view trending in areas such as account management, password-management, defense-in-depth, or least user privileges. Users can use this information to justify spending on particular areas of vulnerability, prioritize work and investment, and determine return on investment for cybersecurity-related spending. New functionality CSET 6.0 includes: Video tutorials available on demand from YouTube. Component questions reflect the latest concerns and issues in control system-related cybersecurity. High-level concept questions help the user to better understand and navigate questions. Ability to assign different portions and sections of an assessment and then merge all the pieces back together to create a single assessment. Capability to combine assessments to compare cybersecurity between divisions, find common problems, or illustrate the distinctive needs for each department. 7

10 ICS-CERT Year-in-Rev ew 2013 Mitigation Incident Response relies on a Scalable, Flexible, and Adaptable Operational Capabilities ICS-CERT operations rely on an adaptable and repeatable approach to mitigate cyber attacks. The repeatable process delivers core cybersecurity capabilities to industrial control system owners, operators, and vendors. The number, type, and mitigation resources ICS-CERT is able to provide are directly proportional to the requirement of the cybersecurity incident. As needs of an incident escalate and change, the program remains scalable, flexible, and adaptable in their incident response. ICS-CERT s suite of mobilized capabilities is associated with those actions that may protect property and the environment, stabilize communities and support basic human needs after a significant cybersecurity incident. ICS-CERT works with critical infrastructure asset owners and operators to respond to cyber incidents that have the potential to impact any of the 16 critical infrastructure sectors. ICS-CERT works with the potentially affected organizations to offer mitigations and subject matter expertise for immediate actions. The mitigations are specific to the cyber threat and needs of the organizations. In 2013, ICS-CERT applied capabilities to a number of cyber incidents, coordinated researcher discovered industrial control system vulnerabilities with vendors, and produced alerts and advisories to notify the ICS community. These situational awareness products provide actionable information about mitigation and protection strategies for implementing sound security practices. This year, ICS-CERT received and responded to 257 incidents as voluntarily reported by asset owners and industry partners. In 2013, attacks against the Energy sector represented over 56 percent of all incidents reported to ICS-CERT. The scope of incidents encompassed a vast range of threats and observed methods for attempting to gain access to both business and control systems infrastructure, including: Unauthorized access and exploitation of Internetfacing ICS/SCADA devices Malware infections within air-gapped control system networks (impacting operations) SQL Injection and application vulnerability exploitation 8

11 Lateral movement between network zones Targeted spear phishing campaigns Watering hole attacks (one of which utilized a zero-day vulnerability) Mitigation Preparation Focuses Scalable, Flexible, and Adaptable Approach to Incident and Vulnerability Analysis ICS-CERT employs analysis to improve the security posture and identify cybersecurity mitigation measures for industrial control systems. Vulnerability coordination, incident response, and mitigation services provided by ICS-CERT rely on advanced analysis provided through our Advanced Analytical Laboratory. The program cultivates skills, tools, and personnel to meet the demands of traditional industrial control systems security and today s threat landscape and evolving exploitation techniques. The Advanced Analytical Laboratory conducted vulnerability analysis and provided feedback and guidance to the ICS-CERT Vulnerability Team. The ICS-CERT prepared alerts and advisories using the vulnerability information and working closely with the industrial control system vendor. These alerts and advisories are posted to the US-CERT secure portal and on the public Web site. In total, the ICS-CERT Vulnerability Team received 187 reports from researchers and vendors that required coordination, testing, analysis, and the publication of information products. This year, the Advanced Analytical Laboratory focused on improving ICS-CERT s incident response capabilities and tools to include rapid, enterprise scanning of systems to look for known indicators of compromise for sophisticated intrusions. At the request of asset owners, these new capabilities as well as traditional incident response techniques were deployed for seven onsite incident response activations. The Advanced Analytical Laboratory also made significant improvements in its ability to handle and process digital media. Advanced Analytical Laboratory developed additional automation tools and techniques that have shortened the turn-around time and increased the thoroughness of the analysis. In FY-13, ICS-CERT s Advanced Analytical Laboratory analyzed data from 73 incidents. Phishing or spear-phishing attacks comprised 21 of the 73. Data from 11 incidents were related to intrusion attempts by an emerging cyber threat actor as part of a larger campaign involving more victims. 11 Related to intrusion attempts 9

12 Response NCCIC Provides Unified Response DHS provides analysis and support through the Office of Cybersecurity & Communications, within the National Protection and Programs Directorate, to an advanced network of cybersecurity professionals who work to protect critical infrastructure from cybersecurity threats. The NCCIC, within the Office of Cybersecurity and Communications, serves as a centralized location where operational elements involved in cybersecurity for critical infrastructure are coordinated and integrated with ICS-CERT. The NCCIC is composed of four branches: United States Computer Emergency Readiness Team (US-CERT) employs analysis techniques and expertise to address malicious cyber activity targeting our nation s networks. US-CERT develops and deploys timely and actionable information to federal departments and agencies, state and local governments, private sector organizations, and over 200 international partners. US-CERT operates the National Cybersecurity Protection System, providing federal departments and agencies with intrusion detection and prevention capabilities. ICS-CERT strengthens control systems cybersecurity through public-private partnerships. ICS-CERT has four focus areas: 1) situational awareness for stakeholders, 2) control systems incident response and technical analysis, 3) control systems vulnerability coordination, and 4) strengthening cybersecurity partnerships with government departments and agencies. National Coordinating Center (NCC) for Telecommunications leads and coordinates the initiation, restoration, and reconstitution of telecommunications services or facilities under all conditions. The NCC leverages partnerships with government, industry, and international partners to obtain situational awareness and determine priorities for protection and response. NCCIC Operations and Integration engages in planning, coordination, and integration capabilities to synchronize analysis, information sharing, and incident response efforts across all NCCIC branches and activities. This includes coordinating the continuity of operations responsibilities for alternate site operations to support minimal disruption to NCCIC mission essential functions. It acts as a 24-hour clearinghouse for critical cyber and communications 10

13 Response information and tracks and initiates critical information requirements that guide the dissemination of critical information. The NCCIC operational activities include providing greater understanding of cybersecurity and communications situation awareness vulnerabilities, intrusions, incidents, mitigation, and recovery actions. As the incident stabilizes, each organizational response effort is able to support the transition from response to recovery. As mutually supporting, fully integrated elements of the NCCIC, these branches provide the authorities, capabilities, and partnerships necessary to lead a national approach to addressing cybersecurity and communications issues at the operational level. The NCCIC organization works closely with those federal departments and agencies most responsible for securing the government s cyber and communications systems and actively engages with private sector companies and institutions; state, local, tribal, and territorial governments; and international counterparts. Each group of stakeholders represents a community of practice, working together to protect the portions of critical information technology with which they own, operate, manage, or interact. Unity of Effort Through Unified Command Supported with ICS-CEA The Industrial Control Systems Consequence Effects and Analysis (ICS-CEA) framework is a collaboration tool. ICS-CEA provides a critical infrastructure modeling and simulation capability. The tool also provides a means for users to model, analyze, and share information related to potential consequences of naturally occurring or man-made threats on our Nation s critical infrastructure. The ICS-CEA system provides the NCCIC a capability for daily use of modeling, simulation, analysis, and information sharing related to potential cross-sector consequence effects to several critical infrastructures and their related sectors. In 2013, ICS-CEA has been used for responding to multiple requests by the NCCIC regarding the identification of potentially affected critical infrastructure sectors because of natural and potential man-made threats. 11

14 Recovery ICS-CERT Applies Advanced Capabilities to Support Recovery ICS-CERT works with critical infrastructure asset owners and operators to respond to cyber incidents that impact any of the 16 critical infrastructure sectors. ICS-CERT supports recovery of the affected organization by providing adequate interim and long-term solutions and subject matter expertise for immediate actions. The response and recovery are specific to the incident and needs of the organizations. ICS-CERT provides cybersecurity evaluations to support the reliability and resiliency of the systems that comprise and interconnect critical infrastructures. ICS-CERT develops and implements coordinated security measures in collaboration with partners from across public, private, and international communities. In 2013, ICS-CERT conducted 72 onsite assessments across the US critical infrastructure sectors. The objective of the assessment is to establish a baseline of performance with regard to cybersecurity maturity as defined within a suite of cybersecurity standards and guidelines. Although the results may differ from sector to sector, many of the vulnerabilities and weaknesses within the networks and systems are similar. This year has seen increased partnering with the commercial nuclear industry and the energy sector with regard to performing onsite cybersecurity assessments. Cybersecurity assessments and recovery plans are tailored to each individual organization depending on the level of complexity in the systems. Asset owners can now request CSET evaluations and/or Architecture Reviews, which is a more in-depth comprehensive evaluation of specific control systems networks, architectures, and components, to support system analysis and future recovery actions. ICS-CERT will continue to support the development of tools and techniques available to ICS community members affected by cyber incidents. 12

15 Future ICS-CERT will advance and ensure the resilience and reliability of the Nation s critical infrastructure and protect key resources. ICS-CERT s mission is essential to the economic welfare and safety of the American people. ICS-CERT will engage and work with critical infrastructure vendors, operators, and asset owners across the country to enable response efforts to address a variety of cybersecurity risks. A computer based training course is being developed to engage a larger number vendor owner and operators. This training will allow the program to reach more critical infrastructure professionals across the country. The program will further enable a framework that acknowledges the concept of tiered response, which emphasizes enabling the best possible support to meet the unique challenges of each critical infrastructure sector. ICS-CERT is committed to supporting a community of critical infrastructure stakeholders to address future needs and continue to improve cybersecurity capabilities. The Industrial Control System Joint Working Group (ICSJWG) will support membership groups to align activities and more effectively employ member expertise. Going forward, the governing body of ICSJWG will focus on development of working group meetings, webinars, product review and approval, socialization and marketing of deliverables. This approach will deliver on a flexible and resilient approach to partner engagement, as well as provide a substantial platform for the public and private sectors to collaborate on the cybersecurity of the critical infrastructure in FY-14. The program will continue to support: engaged partnership; tiered response; scalable, flexible, and adaptable operational capabilities; unity of effort through unified command; and readiness to actively engage the public and private sectors, as well as international partners to prepare for, prevent, and respond to cybersecurity incidents that could impair strategic assets. The rollout of CSET 6.0 will provide an unprecedented level of organizational interaction with the tool to baseline and track cybersecurity. ICS-CERT continually improves the program s resources to enhance the security, resiliency, and reliability of the Nation s cyber and communications infrastructure. In order to provide integrated capabilities, ICS-CERT enhances all aspect of preparedness and capabilities based on the specific needs and requirements of the requesting customer. This tailored approach provides scalable response to cybersecurity challenges across critical infrastructures. 13

19 Assistance from ICS-CERT is only a phone call away The ICS-CERT encourages you to report suspicious cyber activity and vulnerabilities affecting critical infrastructure control systems. To report control systems cyber incidents and vulnerabilities contact the ICS-CERT: Toll Free: International Callers: (208) For industrial control systems security information and incident reporting: For more information about the ICS-CERT program visit: https://ics-cert.us-cert.gov/about-industrial- Control-Systems-Cyber-Emergency-Response-Team 17

THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals

Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

National Cybersecurity & Communications Integration Center (NCCIC) FOR OFFICIAL USE ONLY NCCIC Overview NCCIC Overview The National Cybersecurity and Communications Integration Center (NCCIC), a division

Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS

Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District Securing the Nation s s critical infrastructures one community at a time Critical Infrastructure & Key Resources

Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential

Statement for the Record of Roberta Stempfley Acting Assistant Secretary Office of Cyber Security and Communications National Protection and Programs Directorate Department of Homeland Security and Sean

Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

Water Sector Approach to Cybersecurity Risk Management Wasser Berlin International March 24, 2015 Copyright 2015 American Water Works Association Cyber Threats are Real Director of National Intelligence

New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York State Division of Homeland Security and Emergency Services Office of Cyber Security Office of Cyber Security Overview

Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW Many incident taxonomies and classification schemes provide excellent guidance within the scope of a single enterprise s security operations center (SOC). However,

Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

A Functional Model for Critical Infrastructure Information Sharing and Analysis Maturing and Expanding Efforts ISAC Council White Paper January 31, 2004 1. PURPOSE/OBJECTIVES This paper is an effort to

GAO For Release on Delivery Expected at 3 p.m. EDT Wednesday, September 13, 2006 United States Government Accountability Office Testimony Before the House Committee on Homeland Security, Subcommittee on